Infineon TPM Vulnerability (ROCA)

Advisory note: Infineon TPM vulnerability (Reference: CVE-2017-15361)

Recently, an academic research team developed advanced mathematical methods to analyze and exploit weaknesses in acceleration algorithms for prime number finding, which are commonly used today for RSA secure key generation.

The information below includes a description of the vulnerability and details the steps recommended by Infineon and Fujitsu that users should take to secure affected product lines. (ROCA: “The Return of Coppersmith's Attack”)

Summary:

TPM (Trusted Platform Module) is an international standard for a secure crypto processor, used to secure hardware through the integration of cryptographic keys into devices. A vulnerability has recently been discovered in Infineon TPM hardware: outdated TPM firmware uses an algorithm that generates weaker RSA keys. This page provides information on how to update outdated TPM firmware. Updating the TPM firmware prevents the generation of weak TPM keys - after the update, the TPM will generate keys using an improved hardware algorithm. However, it will still be necessary to revoke weak TPM keys that were generated by the outdated firmware.

Please note that while this discovery is noteworthy, the vulnerability does not negate the benefits of hardware encryption, as these do not depend on algorithm generation. Overall, the historical benefits of hardware encryption (OS independence, performance and permanence) remain and should be taken into account when deciding on an encryption solution.

Fujitsu is providing an easy-to-use Windows-based tool for end customers to identify whether a TPM is installed in their system. If the tool finds a TPM in the system, then it will show the relevant TPM and firmware version. This tool can be found here: TPM Information Tool

Please note: for some affected products, TPM was sold as an optional component. This means that not all systems are affected by this issue.

Technical Background Information:

The following TPM products in combination with the Firmware are affected:

Fujitsu recommends using the Windows-based tool (as mentioned above).

Alternatively, identify the TPM version by using the Trusted Platform Module Management on Local Computer (TPM Management Console).

Access it by

Clicking Start

typing tpm.msc in the Search box

then pressing “Enter”

This displays the TPM manufacturer information.

Depending on the actual user rights within the operating system, users might need to right-click on “tpm.msc” within the search results and then select “Start as Administrator”.

Check the following information:

Vendor information:

“IFX”, “Infineon” or “Infineon Technologies AG” will indicate that you are using an Infineon TPM

TPM Version:

“1.2” or “2.0” - this will indicate the type of update you need

Manufacturer Version:

This will tell you the firmware version – please use the list of affected products above to see whether your firmware version requires an update and how to execute the update.
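
The three fields checked above can also be read and triaged from a script. The following PowerShell is an added example, not Fujitsu's TPM Information Tool or code from this advisory; the function name Get-TpmRocaTriage and the $AffectedFirmware table are hypothetical, and the table holds only a placeholder that must be replaced with the ranges from the list of affected products.

```powershell
# Added example: triage of the vendor / TPM version / firmware fields.
# PLACEHOLDER table: replace with the ranges from the vendor's list of affected
# firmware. The single entry below is constructed and matches no real firmware.
$AffectedFirmware = @(
    [pscustomobject]@{ Spec = '2.0'; From = [version]'0.0'; FixedIn = [version]'0.1' }
)

function Get-TpmRocaTriage {
    param(
        # Object exposing ManufacturerIdTxt, SpecVersion and ManufacturerVersion
        [Parameter(Mandatory)] $Tpm,
        [object[]] $Affected = @()
    )
    $vendor = "$($Tpm.ManufacturerIdTxt)".Trim()
    # SpecVersion is a comma-separated string; the first field is 1.2 or 2.0
    $spec = ("$($Tpm.SpecVersion)" -split ',')[0].Trim()
    $fw = $null
    $parsed = [version]::TryParse("$($Tpm.ManufacturerVersion)".Trim(), [ref]$fw)

    $status = if ($vendor -notmatch '^(IFX|Infineon)') { 'NotInfineon' }
    elseif (-not $parsed) { 'FirmwareVersionUnreadable' }
    elseif ($Affected | Where-Object {
            $_.Spec -eq $spec -and $fw -ge $_.From -and $fw -lt $_.FixedIn }) { 'UpdateRequired' }
    else { 'NotInAffectedTable' }

    [pscustomobject]@{
        Vendor = $vendor; TpmVersion = $spec; Firmware = "$fw"; Status = $status
    }
}

# Live query of the local TPM; needs an elevated PowerShell prompt
$live = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
    -ClassName Win32_Tpm -ErrorAction SilentlyContinue
if ($live) {
    Get-TpmRocaTriage -Tpm $live -Affected $AffectedFirmware
} else {
    Write-Warning 'No TPM returned: none fitted, disabled in setup, or prompt not elevated.'
}

# Constructed sample so the logic can be exercised on a machine without a TPM
$sample = [pscustomobject]@{
    ManufacturerIdTxt = 'IFX'; SpecVersion = '2.0, 0, 1.16'; ManufacturerVersion = '0.0.5'
}
Get-TpmRocaTriage -Tpm $sample -Affected $AffectedFirmware
```

A status of NotInAffectedTable only means the firmware matched none of the ranges entered in the table, so the result is only as complete as the table.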

Recommended steps:

Consult the list of affected Fujitsu systems. This provides an overview of affected Fujitsu systems. Or check whether your system is equipped with an affected Infineon TPM (see above for the procedure).

Before updating the TPM firmware, please make sure that you save your encryption keys, decrypt all your encrypted data and backup to an external storage device, to avoid any data loss.

Download and install the suitable TPM firmware update package for your system. The correct update procedure for each system is noted in the list of the affected Fujitsu products. The list also includes the direct link to download the individual firmware update packages.

Important information for TPM 1.2: For the TPM 1.2 firmware update, the Owner Password is required. If the Owner Password is not stored by the operating system, then you need to know the Owner Password or have a valid Owner Password Backup File. If the Owner Password is not stored by the operating system and you do not have a valid Owner Password Backup File, or you do not know the Owner Password, you must clear the TPM. You will be able to take ownership again later on.

WARNING: Clearing the TPM resets it to factory defaults. All created keys will be deleted and you will therefore lose access to any data encrypted by those keys.

How to clear TPM 1.2:

Windows 7, 8.1, 10 (up to Windows 10 version 1607):

Please close all applications before proceeding, as the system needs to reboot during the clearing process.

Click Start

type tpm.msc in the Search box then press “Enter”

Press the button “Clear TPM…” on the right side under “Actions”

The system needs to reboot. Please make sure that you have saved all your data and close all running applications before pressing the “Restart” button.

A message will display after the reboot. Please confirm the execution of the TPM clear process either by pressing “F12” or the “Yes” button (depending on the system).

If the TPM clear process has completed successfully, a notification will show (only for Windows 7, 8.1, 10 (up to version 1607)).

If Windows starts the TPM Wizard automatically, press “Cancel”.

The TPM firmware update procedure can now be executed.

Windows 10 (from version 1607)

A dedicated procedure is necessary to clear the TPM. Details of how this can be done are described in the file “Readme.html”, which is provided with the firmware update package.

For more detailed information regarding TPM Clear please refer also to the following Microsoft site:

After the TPM firmware update, the TPM Chip will generate new secure keys. Nevertheless, even after the firmware update, old “weak” keys are still stored within the TPM chip and will continue to be used by related software products. The only exception is if the TPM 1.2 was cleared before the firmware update due to a missing Owner Password. Clearing the TPM resets it to its factory default and deletes all keys stored inside the TPM.

To encrypt your data in a safe way, Fujitsu recommends the following steps after the firmware update:

a) Decrypt your encrypted data
b) Delete the old keys inside the TPM
c) Generate new keys
d) Encrypt your data with the new keys

For details on how to decrypt / encrypt your data, please refer to the instructions from your software vendor.